CVE-2025-1868

Vulnerability of unauthorized exposure of confidential information affecting Advanced IP Scanner and Advanced Port Scanner. It occurs when these applications initiate a network scan, inadvertently sending the NTLM hash of the user performing the scan. This vulnerability can be exploited by...

Linux Distros Unpatched Vulnerability : CVE-2024-45797

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and...

CVE-2025-1868 Information display on multiple products from Famatech Corp

Vulnerability of unauthorized exposure of confidential information affecting Advanced IP Scanner and Advanced Port Scanner. It occurs when these applications initiate a network scan, inadvertently sending the NTLM hash of the user performing the scan. This vulnerability can be exploited by...

CVE-2025-1868

CVE-2025-1868 describes an NTLM leakage vulnerability in Famatech’s Advanced IP Scanner and Advanced Port Scanner. When a network scan is initiated, the tools may emit the NTLM hash of the scanning user, enabling an attacker to intercept traffic to a legitimate or fake server to extract the user ...

Oracle Agile Product Lifecycle Management (PLM) 9.3.6.x < 9.3.6.26

The version of Oracle Agile Product Lifecycle Management PLM on the remote host is 9.3.6.x prior to 9.3.6.26. It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: Export. The supported version that is...

nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap

A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an...

The vulnerability of the Web Services component of the Oracle Hyperion Data Relationship Management data management application allows a perpetrator to gain full control over the application.

The vulnerability of the Web Services component of the Oracle Hyperion Data Relationship Management data management application relates to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the...

CVE-2024-23837

LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46...

CVE-2024-28871

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available...

CVE-2025-0631

A Credential Exposure Vulnerability exists in the above-mentioned product and version. The vulnerability is due to using HTTP resulting in credentials being sent in clear text...

The vulnerability of the Shopping Cart component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores. This vulnerability exists in the Oracle E-Business Suite, a software solution for automating business operations. It allows attackers to gain access to read, modify, or delete data.

The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, as well as the Oracle E-Business Suite system for automating business operations, is related to deficiencies in the authentication process. Exploiti...

The vulnerability of the components of the Oracle Enterprise Command Center Framework allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Diagnostics components of the Oracle Enterprise Command Center Framework is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through the HTTP network protocol...

Medium: grpc

Issue Overview: It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occu...

[SECURITY] Fedora 41 Update: python-aiohttp-3.10.5-3.fc41

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

PT-2024-41474 · Hikvision · Ds-2Cd1Xxxg0 +11

Уязвимость реализации протокола HTTP служб DynDNS и NO-IP микропрограммного обеспечения IP-камер Hikvision связана с передачей конфиденциальной информации в незашифрованном виде. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить атаку типа «человек посередине»...

The vulnerability of the Infrastructure component of the Oracle Banking Liquidity Management management platform allows a hacker to gain unauthorized access to read, create, modify, and delete data, or to cause a service failure.

The vulnerability of Oracle Banking Liquidity Management’s infrastructure component relates to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to read, create, modify, and delete data, or cause...

The vulnerability of the Expenses component in the PeopleSoft Enterprise FIN Expenses business application suite allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Expenses component in the PeopleSoft Enterprise FIN Expenses business application is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information using the...

The vulnerability of the UI and Visualization components of the Oracle Hyperion BI+ service allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the UI and Visualization component of the Oracle Hyperion BI+ service is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

CVE-2024-30124

HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously...

CVE-2024-30124

CVE-2024-30124 affects HCL Sametime; an unused legacy REST service was enabled by default over HTTP in the UIM client. The issue allows a local attacker to potentially abuse the service endpoint, with the CVSS indicating Local access, low attack complexity, no privileges, and a LOW availability i...